Posted by Roblimo on Friday September 21, 2012 @10:51AM
from the my-exploits-are-better-than-yours dept.

This video is a half-hour speech given by Dino Dai Zovi and Charlie Miller, two people Apple corporately hates because of their success in finding security holes in Apple operating systems and software. Both Charlie and Dino have been mentioned on Slashdot before and probably will be again. This is a chance to see how they sound and look in person, talking to a small "by invitation only" group. They have a book to push, too: The iOS Hacker's Handbook. (Please note that this book is supposed to help you secure iOS and iOS apps, not exploit security holes in them.)

then they should have said, "hey I know that we have these rules but these guys helped us out so we are going to give them a one time pass" "Charlie next time please work with us if you have a security hole and we will even give you a temporary account to play around with things to confirm or not future security holes".
Wouldn't that have been the 'right thing' to do??

Right. Like when someone commits an act of pre-meditated murder against a murderer. The law should say "Hey, I know he violated the law, but he helped us out, so we are going to give him a one time pass"

"Wouldn't that have been the 'right thing' to do??"

No. The right thing to do would be to follow standard full disclosure [wikipedia.org] principles. What he did is the rough equivalent of releasing an exploit into the wild.

If I rob a bank, out of my own initiative and without the consent of the owners, there's no reason why I should go to prison if my only purpose was to show the owners they had some security flaws. Right?

Actually he got banned for breaking the store terms and conditions, not for discovering a security hole.

The headline is just linkbait - Apple does not hate people who discover security holes in its software, it's quite the opposite. They take time to mention and thank people who find specific bugs in their security update notes and have been doing for many years when they close that particular hole.

How do you figure that taking a percentage for selling a good - which practically every fucking store in the whole fucking world does - is "anti-competitive"? Are you new to this we call "the real world"?

In most of your cases, (like Target commissioning), they own the products. Third party developers and their software are not owned by Apple. Like McDonald's owns Big Mac. Apple does not "own" my iOS app. Chrome selling safari? That's like selling Android on the app marketplace. How can you even compare? Apps are not a competitor to Apple or iOS. At all.

The point is that target has a special exclusive relationship with those products. It's exclusive to them. In the case of the iPhone, the customer owns the device. They want to put something on it...where exactly does apple come in?

"they aren't forcing them to sign exclusivity agreements"

But the exclusivity is technologically enforced.

Ramen can sell its noodles anywhere else. Not just target. But where can an iOS developer sell his/her iOS programs? Nowhere else.

What is stopping a developer from developing for any other platform besides/in addition to Apple? Absolutely nothing. To use their store and their platform, there are rules.
If you don't like the rules, you can develop for someone else. Just because you don't like the rules doesn't mean that they are anti-competitive.

I didn't say anyone was forcing me to use Apple products. And I was talking about the PC market. Why should PCs and smartphones be any different? This is not about what's legal/illegal but about being jerks. Apple is being a jerk.

Also, once the phone is purchased, it belongs to the customer. Ethically Apple should have no right to dictate what apps are installed on to it.

You compare what Apple is doing in smartphones with what MS is doing in computers when they are doing the exact same thing in smart phones. Thus you are not being fair. In computers, Apple does not require approval of your application unless you are using their online store. Since MS has no counterpart at the moment, you can't compare; however, it sounds like MS will be doing the same for Win 8 apps in the MS store. So basically your argument fails.

Neither of which changes the fact that one approach is good and the other is bad. I think I can safely say that the world as a whole is better off because Windows programs could be run by anyone and installed from any source.

You were the one who held MS as the shining example of what you wanted except that they do exactly what you complain that Apple does. And on a Mac, you can't install anything you want? If you go through the Mac App store, Apple controls what they sell there just like any other store. But you don't have to use their store. Pretty soon MS will adopt the exact same model for the Win 8 store. I don't see what your point is.

Remember that only an investigation can reveal whether something is anti competitive or not. It depends on the market share and the amount of abuse. Remember that when Apple refused to approve the Google voice app, it was pressure from the FCC that finally got them to approve it. After all, it's "their store" right? They can refuse any app they want.

Apparently not. Just because Apple is following the letter of the law doesn't mean that they can't be held to be anti competitive in the future.

Despite the malware, the entire world is better off for Windows on the PC being open to everyone. It has brought the age of computing to the masses as there's no centralized software control. If Apple truly wanted to do the right thing, they must open their platform.

Then why are you trumpeting MS as what you want when they do the same thing. For the Mac you can install what you want just like you can with Windows. For iOS devices, you cannot. This was done for ease of use and to control malware. If you want total freedom choose Android. You don't like Apple's model, don't support them. I don't like Sony; I don't buy their electronics.

Why should MS? Probably the same reasons. On a PC, the UI is far more capable and so installation and removal of software is easier. Even so malware has been a huge problem. Update mechanisms were wildly inconsistent. Software purchasing/distribution on mobile was not easy for most consumers. Thus the average mobile user did not buy much software and mobile developers did not invest in making software. It was a chicken and egg problem.

And Apple for the open OS X model? In fact the basis of OS X is open source as Darwin. Has MS open sourced the core of Windows? Hypocritical of you when they both have the same model for their computers and the same model for smart phones.

Just confirming your hypocrisy and bias. It is the same as if you complained that Apple is profit driven and how altruistic MS for having a free version of their IDE. Both are profit-driven and both have free IDEs.

If the market share of one company is overwhelming, I obviously talk about that more than the others. I can't be expected to ALSO mention dozens of others just to be "balanced and fair". If MS has a significant mobile market share, they would have been honored with a reference. Since Apple has a large one, they get screwed. Hardly surprising.

Facts don't seem to be your strong point. The largest marketshare of smartphone OS belongs to Android not Apple. So "overwhelming" is not exactly fair and balanced on your part. Apple does not control the OS of other phone manufacturers; they only offer vertical integration of their own products. None of which you have to buy. I didn't ask you to mention dozens of others. Just an apples to apples comparison of MS and Apple. Again, you lauded MS while criticizing Apple when they both did the same thing

Umm...in case you didn't notice, Android allows sideloading of apps. Apple is the biggest offender when it comes to closed mobile systems. And I repeat (in a tired tone) - I never lauded MS's mobile strategy. I just think they're irrelevant in that area and not worth mentioning.

If you had to criticize a company for a closed mobile OS, it would of course be Apple since they are the largest offender.

And they are both the same. Why is it so hard for you to admit that MS and Apple have the same exact philosophies? The fact that one has more marketshare than the other makes no difference. Having more marketshare does not change the facts. Your points are illogical and biased. Let's construct your arguments a different way:

"I think Mary is prettier than Suzy because she's blonde."
"Both Mary and Suzy are blonde."
"Well, Mary is a cheerleader."
"They are both cheerleaders."
"Still Mary is prettier beca

Next you'll want me to include Linux in my list of OSs as well. Market share may not mean anything to YOU. It does to me. Apple has the largest market share amongst closed OS systems. So it catches my criticism since they're the biggest targets.

Considering the billions of dollars spent unnecessarily on antivirus software and additional billions stolen from people who weren't able to stop their computer from being "open to everyone," I disagree with you.

You were the one who repeatedly lauded MS and criticized Apple for having the same philosophies. And how does having a larger or smaller marketshare change the basic fact that MS and Apple have the exact same philosophies? Now you are desperately trying to reframe the argument to cover up your hypocrisy and bias. Why don't you simply admit that you're biased?

When you have a huge market share, you have a duty to keep your platform open. Otherwise you're a douche. Which is why companies with small closed platforms don't get mentioned. You're forgiven if you have a minuscule market share. Not if you have a big one.

If tomorrow, Apple has a tenth of the marketshare they have today in smartphones, they would still have the same philosophy. And they still have the same philosophy as MS. Have any basic philosophies changed? Would you still criticize Apple and laud MS? Yes. Hypocrisy and bias.

So when Apple had 0% apps when the iPhone launched, they weren't douchebags. So when MS switched from an open model to a closed one for smartphones, they're not douchebags? Isn't your illogical argument the same as you saying the childhood bully that takes your lunch isn't a douchebag because he wasn't popular but the other bully that took your money is a douchebag because he was popular. There's no difference but your bias.

"So when Apple had 0% apps when the iPhone launched, they weren't douchebags."

No. Since they didn't have market share, they had no ethical responsibility to keep it open.

"So when MS switched from an open model to a closed one for smartphones, they're not douchebags?"

Strictly speaking MS smartphones were open with Windows Mobile for a long time. I know because I used several. Sideloading and installation was very much allowed. But as I said, a lower market share doesn't convey any expectations.

Yes, because he did so without their permission and violated the ToS. That hardly means they hate him. Only a moron would think that someone is just going to welcome you with open arms when you do stuff they explicitly didn't approve.

Only a moronic company would punish someone for pointing out a security problem to them. The lesson Apple appears to have been trying to teach Charlie is that the next time he discovers a security hole in the app store, he should sell that information to criminals.

I've searched for many different combinations of "charlie miller", "banned", "google" and "playstore", but all I found was his ban from Apple and his research on NFC and Playstore bouncer vulnerabilities. Is there something I've missed?

Ah, missed it at 50 seconds in the video, but still can't find any details. Their blog post [duosecurity.com] on Bouncer hack mentions they've "been in touch with the Android security team and will be working with them to address some of the problems we've discovered" and their NFC hack didn't need any Google account at all. Maybe someone can find more?

Result # 9 from the google search: "Charlie Miller Google Play Ban" from Mr. Miller's own twitter feed, in his own words. He was banned for, in his words, "being associated with Jon Oberheide" - one of the researchers who discovered a flaw in Android's Bouncer security program that he exploited by putting multiple bogus apps up on the Play Store.

So... he didn't even exploit the security hole in Google Play - he just happened to be 'working with or as

I disagreed with apple's reaction to him based on the details in article I read about that. I don't have any information on his dealings with google so I can't judge. Is there part of that that's unreasonable or am I supposed to automatically condemn all companies if I condemn one?

No, as I said, it's amazing how reasonable you have become now we find out Google issued a bigger ban than Apple did. It's a shame your original post was littered with shouting and multiple exclamation marks and sarcasm, and you didn't show your reasonable side from the outset.

Now, just for fun, given that this is the very same security researcher, can you give me an example of what he could have done that would make Google's lifetime ban for him and his wife reasonable. (In the light of a 1 year ban for br

I'll defend my sarcasm in light of what AC wrote initially. From the article I linked to, apple seems to have punished him for making it clear that there were holes in their app store security. Not actually exploiting them. That to me sounds like more of a PR move, though I'm not sure that's more boneheaded than banning him simply for violating the TOS. As I said, apple's actions seem to be telling him that it would have been better had he given the exploit to someone who would use it maliciously, than b

I find it odd that you're still trying to convince me I'm biased against apple. What's your motivation? I don't like apple, if that's what you're after. My sarcastic reply to AC was more about how inconsequential TOS violations were. I think apple banned him for showing that their walled garden wasn't perfect. That probably isn't the case for google, since everyone already knew that has malware.

This is really not debatable, or questionable, or a question of "if and why" - they banned him, for life. It is in the video, from Miller himself, who says, around 50 seconds into the linked video, "The good thing about Apple is, it's only a 1 year ban, where I'm banned from Google for... lifetime." Or, if you're really concerned that somebody somehow spliced in a convincing fake of his voice on that video, you can read it in his own words, from his twitter feed:

"Why would Apple hate them"

uh, maybe because Apple likes to keep any of its security issues quiet rather than watch these two guys publicly expose iPhone issues the way the entire open-source Android developer community does for Android Phones. What these two guys are doing is contrary to the walled-garden business model that is Apple's creed.

Absolutely. I mean if someone finds a way to hack your security system and enter your house without you knowing, they do not have a responsibility to tell anyone. No, they should plant cameras in your bedroom and bathroom so they can prove the concept [macgasm.net], then showing how silly you are for not having perfect security by uploading naked pictures of kids and you doing naughty things to the internet.

Further, there is no way that the person who broke into your house is responsible. It is your fault for not h

And richly deserved. They've become the new Microsoft with their 'our way or the highway' mentality.

I have a lot of respect for what Steven Jobs has accomplished and envy for his money. However, the business tactics he instilled at Apple and that his successors have promulgated are reprehensible. I do what I can to steer people away from all things Apple.

I gladly and joyfully negate your efforts at every opportunity. Apple hardware isn't a good fit for everyone, but I never hesitate to endorse it when appropriate.

It isn't about the quality of their hardware, as nice as it may be, it is about getting sucked into their evil vortex.

Every for-profit business is "anti-competitive" based on the slashdot definition of that term. It's become entirely meaningless. Apple isn't Microsoft. They don't act like Microsoft. They don't look like Microsoft.

They are, relatively speaking, worse. It is kind of like Yahoo vs Google. Yahoo makes no bones about being in it for the money. Google, on the other hand, stands behind the notion of answering to a higher value. And then stooping lower than Yahoo would. I 'trust' Yahoo more than Google, at least in terms of their face value. Don't forget, Jobs built the first Apple as a tool for stea

Agree completely! Apple is far worse than Microsoft. They're trying to stifle innovation by utilizing our system of laws like a blunt instrument, they sell 'cool' and are attempting to make the current generation of computer users into sub-moronic wallets with legs that bring every iDevice problem into a "genius" bar. But I suppose that anybody with a Fox News link in their sig worships freely at the altar of the free market. Even if it doesn't actually exist.

Unlike complete nit-wits (such as yourself) I don't have my identity tied up into a phone. I use what works best for me, at the moment that's Android, if in a year a more tantalizing phone comes out I'll make the switch. And for the record, ANY company that tries to get away with patenting concepts that a first year computer science student would create (don't worry, you'll get there eventually!) should be forced to sit in a corner for a year to think about what they've done. YOU are part of the problem,

But it turns out, most of my headaches are MY FAULT. By following bad eating habits, for example, I create sub-optimal nutritional conditions which, at times, results in discomfort. Other causes of headaches might result from other conditions within my preventative control. And it is my failure to manage those conditions which is the cause of my headaches.

Apple? Are you listening? Manage your conditions and you will have fewer headaches.

That headline is pretty damned stupid. It's like the stuff I've seen before on internet scams

"Doctors hate this bodybuilder - see how he keeps growing 20 lbs of muscle per week!"
"The U.S. Government hates this guy - see how one guy never pays taxes!"
"Women hate this doctor - find out how to get any women you want by taking this new secret pill!"